Jan. 22, 2003

Contact: Lynn Bretz, University Relations, (785) 864-8866.

KU reports suspected student records computer hacking to FBI

LAWRENCE -- University of Kansas officials today announced they have detected suspected computer hacking into a file server that contained records on 1,450 students, most of whom were international students.

The files were created when the university ran a test of its Student and Exchange Visitor Information System (SEVIS) database, which the U.S. Immigration and Naturalization Service has mandated universities to maintain. Transmission of actual data to the INS is not to begin until August 2003.

Five apparent hacking incidents, which took place between Jan. 6 and 17, were discovered Jan. 21. Once officials determined yesterday that university data had been downloaded, the incidents were reported immediately to the Federal Bureau of Investigation, the INS and other appropriate agencies. The university is assisting the FBI in efforts to identify and apprehend the person or people responsible for the hacking.

"We are cooperating fully with authorities," said Marilu Goodyear, KU vice provost for information services. "We are notifying students whose personal information -- Social Security numbers, dates of birth and other details -- were illegally copied and downloaded. We will tell these students what happened and assist them in protecting their personal identity information."

Goodyear said officials believe a "temporary hole" in existing security protocols for the university's SEVIS system was inadvertently created when a security update was installed recently on the Microsoft operating system.

In the investigation yesterday, university officials determined the first hacking incidents that began Jan. 6 involved using the system to illegally install and download copyrighted movies and pornography. The Jan. 17 incident clearly involved downloading the student record information.

"We deeply regret this situation and are taking steps to support the affected students," said Provost and Executive Vice Chancellor David Shulenburger. "We will help them in every way possible and do our best to protect against future intrusions."

The INS has alerted all U.S. ports of entry to reduce the chances of someone using the stolen information to create false identity papers.

-30-


This site is maintained by University Relations, the public relations office for the University of Kansas Lawrence campus. Copyright 2003, the University of Kansas Office of University Relations. Images and information may be reused with notice of copyright, but not altered. Contact us at kurelations@ku.edu, or (785) 864-3256. Fax: (785) 864-3339